On Tue, 30 Jun 2015 12:48:22 +0200, Andreas Laesser andreas.laesser@tugraz.at wrote:
Hi @all
I have (maybe) a problem with my OpenLDAP server authenticating over a Java tool (Apache Directory Studio LDAP Browser V2.0.0.v20130628, jXplorer) via GSSAPI.
When I do a ldapsearch from command line via GSSAPI it works fine...
~ % klist
Ticket cache: FILE:/tmp/krb5cc_1086_lR4Nxxxxrs
Default principal: admin@SPSC.TUGRAZ.AT

Valid starting     Expires            Service principal
30/06/2015 10:54   02/07/2015 10:54   krbtgt/SPSC.TUGRAZ.AT@SPSC.TUGRAZ.AT
        renew until 10/07/2015 10:54
30/06/2015 10:54   02/07/2015 10:54   ldap/ldap1.spsc.tugraz.at@SPSC.TUGRAZ.AT
        renew until 10/07/2015 10:54
~ % ldapsearch -H ldaps://ldap1.spsc.tugraz.at -b "dc=SPSC,dc=TUGRAZ,dc=AT"
This works well....
But if I try the same from one of the two tools mentioned above, it simply does not bind or connect....
Has anybody had the same problems, or does anybody know a solution?
If Kerberos is properly set up, you should use SASL GSSAPI, that is ldapsearch -Y GSSAPI -H ldaps://some.host
-Dieter